TCP handshake between servers

mubashar · ‎02-06-2024

scenario is

Server1(192.168.31.65)-fortigateA---MPLS_VPN---fortigateB-Server2(172.16.31.23)

we are making ADC on fortigateB side

whenever server2 check for specific port like 3268,3269,88 towards Server1 used in Active Directory environment with following command all went normal all ports in listening state

Test-Netconnection 192.168.31.65 -port 3269

but whenever we do from server1 towards server2 ports like (389,88,3268 ) are closed

Test-Netconnection 172.16.31.23 -port 3269

we have checked on rules are services and source or destination are fine on both sides , but problem always from server1 side

following is pic from server1 side

what could be the reason here

Mubashar Ahmad

AEK · ‎02-06-2024

Hello

First check that the mentioned ports are listening on server2. You can use on of the following commands on server2:

netstat -an
Test-Netconnection 172.16.31.23 -port 3269

After that you can use the following command on FortiGateB to see if the traffic through VPN tunnel is reaching serverB:

diag snif packet any 'host 172.16.31.23 and port 3269' 4

AEK

hbac · ‎02-06-2024

Hi @mubashar,

Please collect debug flow to see if the traffic is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

Regards,

TCP handshake between servers

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website